Consortium Pushes Security Standards for Technology Supply Chain

A consortium of experts has published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products.

The standards are the work of The Open Group and are supported by companies ranging from Boeing to Oracle to IBM. The document has been dubbed the Open Trusted Technology Provider Standard (O-TTPS) Snapshot. The standards are aimed at providers, suppliers and integrators, with the goal of enhancing the security of the supply chain and allowing customers to differentiate between providers who adopt the standard’s practices and those who don’t.

"With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains," said David Lounsbury, chief technology officer of The Open Group, in a statement. "Standards such as O-TTPS will have a significant impact on how organizations procure COTS ICT products over the next few years and how business is done across the global supply chain."

According to The Open Group, globalization has brought both benefits and risks to developers of commercial off-the-shelf products. The increasing sophistication of cyber-threats has forced technology suppliers and governments to take a more comprehensive approach to security, the organization said.

According to the FBI, from November 2007 to May 2010, Customs and Border Protection and Immigration and Customs Enforcement made more than 1,300 seizures involving 5.6 million counterfeit semiconductor devices. These semiconductors are used extensively in modern products, including many used in government, military, and aerospace industries. More than 50 seized counterfeit shipments were falsely marked as military- or aerospace-grade devices.

"The modern supply chain depends upon a complex and interrelated network involving the movement of goods, services, funds, and information across a wide range of global participants, making it vulnerable to increasingly sophisticated cyberattacks and an ever increasing range of breaches and disruptions," said Andras Szakal, vice president and chief technology officer, IBM U.S. Federal. "Standards like O-TTPS are critical in helping to ensure the integrity and security of data, and giving customers peace of mind."

Based on the Snapshot, Version 1.0 of the standard is expected to be published in late 2012.